Why OpenWrt has routing rule type throw instead of route type throw?

I'm using OpenWrt 23.05 on GL-MT1300.
In the LuCi, I can add a routing rule whose type is "throw", and not a route whose type is "throw". But in the iproute2 package of Arch Linux and Debian, the situation is reversed: There is a route type throw, but not routing rule type throw (at least according to ip-rule man page).

To summarize, regarding to whether can I add a "throw“ type route or routing rule:

route routing rule/policy
OpenWrt LuCi no yes
Debian iproute2 yes no

Why the difference? Is there a kernel compile-time config that controls this behavior?

Or is it an LuCi bug? In the OpenWrt Wiki, the description of "throw" type is "Stop lookup in the current routing table even if a default route exists", indicates that the item which has the type "throw" should be a route instead of routing rule, because it is routes that resides in a routing table, not routing rules.

The way I interpret it.
You make a rule to lookup table lan for all ingress traffic from 192.168.1.0/24
Table lan has a default gateway. But for some reason you want to reply with unreachable for a specific route towards 10.0.0.0/24, so you can add the rule with throw action from 192.168.1.0/24 to 10.0.0.0/24. But you can also apply that to other conditions, not just routes, e.g tos or mark.

Adding routes and rules is possible on OpenWrt. Can you provide more details - for example the syntax for the routes and rules you entered into /etc/config/network and on the Debian?

There's a difference in the way iproute2 and netifd process routing rules.

iproute2

netifd

The last part for netifd looks weird, specifically compared to the list of actions for iproute2.

Yeah, seems so. Only took ten years to get noticed :slight_smile: Patches welcome.

Edit:

Actually iproute2 uses route types for rule actions as well:

It just supports some additional ones (goto and nop which map to FR_ACT_GOTO and FR_ACT_NOP respectively).

Test on a Debian system:

jow@j7:~$ sudo ip rule add from 1.2.3.4 throw
jow@j7:~$ sudo ip rule 
0:	from all lookup local
219:	from 1.2.3.4 throw
220:	from all lookup 220
32766:	from all lookup main
32767:	from all lookup default
jow@j7:~$ 

Routes with throw are supported too in uci:

root@er-x:~# uci show network.@route[-1]
network.cfg16c8b4=route
network.cfg16c8b4.target='1.2.3.4/32'
network.cfg16c8b4.interface='loopback'
network.cfg16c8b4.type='throw'
root@er-x:~# ubus call network reload
root@er-x:~# ip route | grep throw
throw 1.2.3.4 proto static 
root@er-x:~# 

The throw type is just missing in the LuCI ui dropdown.

2 Likes

Aside from throw, does it make sense to add nat, xresolve and failed_policy also? xresolve is apparently not implemented...? NAT perhaps needs an as modifier.

I assume this regards the luci fields Static IPv* Routes and not IPv* Rules.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.